race condition fix: block all signals before decrementing thread count

the existence of a (kernelspace) thread must never have observable effects after the thread count is decremented. if signals are not blocked, it could end up handling the signal for rsyscall and contributing towards the count of threads which have changed ids, causing a thread to be missed. this could lead to one thread retaining unwanted privilege level. this change may also address other subtle race conditions in application code that uses signals.
2011-02-19 11:04:36 -05:00 · 2011-02-19 11:04:36 -05:00 · 19eb13b9a4
parent a49c119276
commit 19eb13b9a4
3 changed files with 2 additions and 22 deletions
--- a/src/thread/i386/__unmapself.s
+++ b/src/thread/i386/__unmapself.s
@ -2,15 +2,6 @@
 .global __unmapself
 .type   __unmapself,%function
 __unmapself:
-	call 1f
-	.long -1
-	.long -1
-1:	popl %ecx
-	xorl %ebx,%ebx
-	xorl %edx,%edx
-	movl $8,%esi
-	movl $175,%eax
-	int $128
 	movl $91,%eax
 	movl 4(%esp),%ebx
 	movl 8(%esp),%ecx
--- a/src/thread/pthread_create.c
+++ b/src/thread/pthread_create.c
@ -25,6 +25,8 @@ void __pthread_unwind_next(struct __ptcb *cb)
 		}
 	}

+	syscall4(__NR_sigprocmask, SIG_BLOCK, (long)(uint64_t[1]){-1}, 0, 8);
+
 	if (!a_fetch_add(&libc.threads_minus_1, -1))
 		exit(0);

--- a/src/thread/x86_64/__unmapself.s
+++ b/src/thread/x86_64/__unmapself.s
@ -3,19 +3,6 @@
 .global __unmapself
 .type   __unmapself,%function
 __unmapself:
-	call 1f         /* glibc ABI compat */
-	.long -1
-	.long -1
-1:      push %rsi       /* save arg2 for munmap */
-	push %rdx       /* save arg3 for munmap */
-	mov %rdi,%rsi   /* rt_sigprocmask() args: move arg1 to rsi */
-	xor %rdi,%rdi
-	xor %rdx,%rdx
-	movq $8,%r10
-	movl $14,%eax   /* __NR_rt_sigprocmask */
-	syscall         /* call rt_sigprocmask(0,arg1,0,8) */
-	pop %rsi        /* munmap() args: reload from stack */
-	pop %rdi
 	movl $11,%eax   /* __NR_munmap */
 	syscall         /* munmap(arg2,arg3) */
 	xor %rdi,%rdi   /* exit() args: always return success */